American companies and institutions are receiving assistance in preventing and countering the dreaded ransomware attacks

Aug 20, 2021 06:30 GMT

Following a series of disruptive and headline-grabbing ransomware attacks on corporations in the United States over the past several months, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has released a list of suggestions to prevent and respond to these sorts of attacks. 

The information sheet, titled "Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches," contains numerous recommendations. In addition, the paper advises companies not to pay a ransom if they are the target of a ransomware attack.

The fact sheet reads: “Ransomware is a serious and increasing threat to all government and private sector organizations, including critical infrastructure organizations. In response, the U.S. government launched StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources, guidance, and alerts.”

According to the agency document, to avoid becoming a victim of ransomware attacks, businesses should take steps such as the ones listed below:

  • Address internet-facing vulnerabilities and misconfigurations to decrease the likelihood of attackers making use of this attack surface
  • Develop, maintain, and exercise a fundamental cyber incident response plan, a resiliency strategy, and a related communications plan
  • Maintain offline, encrypted copies of data, and verify backups on a regular basis
  • Reduce the likelihood of receiving phishing emails
  • Adhere to proper cyber hygiene guidelines

Some precautions are easy to take, such as making frequent offline backups. An important component of this protection strategy is avoiding infection, deletion, or encryption in the event of a ransomware incident. One way to achieve this is to make sure all software is up to date, whether it's firmware, applications, operating systems, frameworks, or other types of software. Running regular vulnerability scans to identify and address vulnerabilities, with a focus on those affecting internet-facing devices, is also recommended, especially since there are many free cyber hygiene services available for this purpose.